Bug 743930 - Poppler JPXStream.cc JPXStream::fillReadBuf() received SIGSEGV Memory Corruption Vulnerability
Status: RESOLVED NOTGNOME
Product: evince
Classification: Core
Component: PDF
Version: 3.4.x
Hardware/OS: Other Linux
Priority: Normal
Severity: major
Target Milestone: ---
Assigned To: Evince Maintainers
QA Contact: Evince Maintainers
Depends on:
Blocks:
 
 
Reported: 2015-02-03 13:12 UTC by Veysel
Modified: 2015-02-05 11:45 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
Crasher (566.24 KB, application/pdf)
2015-02-05 07:23 UTC, Veysel

Description Veysel 2015-02-03 13:12:43 UTC
d 0xb5fffb40 (LWP 20749) exited]
[New Thread 0xb5fffb40 (LWP 20750)]
[New Thread 0xb57feb40 (LWP 20755)]
Error: PDF file is damaged - attempting to reconstruct xref table...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb57feb40 (LWP 20755)]
[----------------------------------registers-----------------------------------]
EAX: 0x21d9ead 
EBX: 0xb3ac5ff4 --> 0x1b0ba4 
ECX: 0x0 
EDX: 0x0 
ESI: 0xb357a778 --> 0xb3ac32c8 --> 0xb3974390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
EDI: 0x215bf35c 
EBP: 0x0 
ESP: 0xb57fd85c --> 0x0 
EIP: 0xb397457a (<_ZN9JPXStream11fillReadBufEv+186>:    add    ecx,DWORD PTR [edi+0x30])
EFLAGS: 0x210207 (CARRY PARITY adjust zero sign trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0xb397456c <_ZN9JPXStream11fillReadBufEv+172>:       add    edi,DWORD PTR [esi+0xb4]
   0xb3974572 <_ZN9JPXStream11fillReadBufEv+178>:       mov    DWORD PTR [esp+0xc],edx
   0xb3974576 <_ZN9JPXStream11fillReadBufEv+182>:       mov    edx,DWORD PTR [esp+0x8]
=> 0xb397457a <_ZN9JPXStream11fillReadBufEv+186>:       add    ecx,DWORD PTR [edi+0x30]
   0xb397457d <_ZN9JPXStream11fillReadBufEv+189>:       mov    ebp,DWORD PTR [ecx+0xc]
   0xb3974580 <_ZN9JPXStream11fillReadBufEv+192>:       lea    eax,[ebp+edx*1-0x1]
   0xb3974584 <_ZN9JPXStream11fillReadBufEv+196>:       xor    edx,edx
   0xb3974586 <_ZN9JPXStream11fillReadBufEv+198>:       div    ebp
[------------------------------------stack-------------------------------------]
0000| 0xb57fd85c --> 0x0 
0004| 0xb57fd860 --> 0x0 
0008| 0xb57fd864 --> 0x0 
0012| 0xb57fd868 --> 0x1b 
0016| 0xb57fd86c --> 0x9d 
0020| 0xb57fd870 --> 0xb357a778 --> 0xb3ac32c8 --> 0xb3974390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
0024| 0xb57fd874 --> 0x0 
0028| 0xb57fd878 --> 0xb357a778 --> 0xb3ac32c8 --> 0xb3974390 (<_ZN9JPXStreamD2Ev>:     sub    esp,0x1c)
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
0xb397457a in JPXStream::fillReadBuf() () from /usr/lib/i386-linux-gnu/libpoppler.so.19
gdb-peda$
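As an added triage helper (not part of the report, of evince or of poppler), the Python below parses the register and code panes of the gdb-peda dump above, resolves the faulting memory operand against the dumped registers, and classifies the fault as a read or a write. The follow-on check for a `div` whose divisor was just loaded through a pointer (`mov ebp,[ecx+0xc]` then `div ebp`) is a heuristic of this example, not a finding stated in the report; the dump format and register names are those of gdb-peda.

```python
import re

# Constructed input: register and code panes of the gdb-peda dump posted above (values copied).
DUMP = """\
Program received signal SIGSEGV, Segmentation fault.
ECX: 0x0
EDI: 0x215bf35c
EBP: 0x0
EIP: 0xb397457a (<_ZN9JPXStream11fillReadBufEv+186>:    add    ecx,DWORD PTR [edi+0x30])
=> 0xb397457a <_ZN9JPXStream11fillReadBufEv+186>:       add    ecx,DWORD PTR [edi+0x30]
   0xb397457d <_ZN9JPXStream11fillReadBufEv+189>:       mov    ebp,DWORD PTR [ecx+0xc]
   0xb3974580 <_ZN9JPXStream11fillReadBufEv+192>:       lea    eax,[ebp+edx*1-0x1]
   0xb3974584 <_ZN9JPXStream11fillReadBufEv+196>:       xor    edx,edx
   0xb3974586 <_ZN9JPXStream11fillReadBufEv+198>:       div    ebp
"""

REG_RE = re.compile(r"^([A-Z]{3}): (0x[0-9a-f]+)", re.M)
INSN_RE = re.compile(r"^(?:=>|  ) +0x([0-9a-f]+) <([^>]+)>:\s+(\w+)\s*(.*?)\s*$", re.M)
MEM_RE = re.compile(r"\[(\w+)(?:\+(\w+)\*(\d))?(?:([+-])0x([0-9a-f]+))?\]")

def effective_address(operand, regs):
    """Resolve a 32-bit Intel-syntax [base+index*scale+disp] operand with the dumped registers."""
    m = MEM_RE.search(operand)
    if not m:
        return None
    base, index, scale, sign, disp = m.groups()
    ea = regs[base.upper()] + (regs[index.upper()] * int(scale) if index else 0)
    ea += int(disp, 16) * (-1 if sign == "-" else 1) if disp else 0
    return ea & 0xFFFFFFFF

def triage(dump):
    """Classify the crash: signal, faulting symbol, address touched, read vs write, follow-on hazards."""
    regs = {r: int(v, 16) for r, v in REG_RE.findall(dump)}
    signal = re.search(r"received signal (\w+)", dump).group(1)
    insns = [(int(a, 16), sym, mn, ops) for a, sym, mn, ops in INSN_RE.findall(dump)]
    idx = next(i for i, ins in enumerate(insns) if ins[0] == regs["EIP"])
    _, symbol, mnemonic, operands = insns[idx]
    dest, _, _ = operands.partition(",")
    access = "write" if "[" in dest else "read"  # Intel syntax: destination operand comes first
    # Heuristic of this example: a div whose divisor register was just loaded through a pointer
    # (mov ebp,[ecx+0xc] then div ebp) is a likely second crash site once the faulting read is guarded.
    loaded, hazards = set(), []
    for _, _, mn, ops in insns[idx + 1:]:
        d, _, src = ops.partition(",")
        if mn == "mov" and "[" in src:
            loaded.add(d.strip())
        elif mn in ("div", "idiv") and ops.strip() in loaded:
            hazards.append(f"{mn} {ops.strip()} divides by a value loaded from memory")
    return {"signal": signal, "symbol": symbol, "instruction": f"{mnemonic} {operands}",
            "access": access, "fault_address": effective_address(operands, regs), "hazards": hazards}
```

For this dump the faulting access is a 4-byte read at EDI+0x30, i.e. 0x215bf38c, which is consistent with an out-of-range pointer computed from fields of the damaged file rather than a NULL dereference.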
Comment 1 André Klapper 2015-02-04 23:54:08 UTC
Any testcase available?
Comment 2 Veysel 2015-02-05 07:22:44 UTC
I'm sorry, I forgot to add the testcase. You can find it here.
Comment 3 Veysel 2015-02-05 07:23:12 UTC
Created attachment 296173: Crasher
Comment 4 Germán Poo-Caamaño 2015-02-05 11:45:36 UTC
Thanks for reporting in poppler's bugzilla and adding the reference here.

Closing this one as NOTGNOME.